Free Articles, Free Web Content, Reprint Articles
Tuesday, June 27, 2017
 
 

HIPAA Compliance 101

The Health Insurance Portability and Accountability Act (HIPAA) has changed the healthcare information security landscape in the U.S. Compliance has become a critical issue for all organizations that come in contact with health information. Here is a summary of the HIPAA basics.

HIPAA, also known as the Kennedy-Kassebaum Act, was signed into law by the U.S. Congress in 1996 to establish health insurance reform and healthcare administrative simplification for various healthcare entities including: health plans, healthcare clearinghouses such as billing services and community health information systems, and healthcare providers that transmit healthcare data in a way that is regulated by HIPAA.

Governed by HHS, HIPAA Title I supports the continuation of health insurance coverage for workers and their families when they change or lose their jobs. Title II defines numerous offenses relating to healthcare and healthcare-related information and sets civil and criminal penalties for agencies that fail to abide by HIPAA standards.

The most significant provisions of Title II for IT organizations are its Administrative Simplification rules. Per the requirements of Title II, HHS has established five rules regarding Administrative Simplification:

  • Privacy Rule
  • Transactions and Code Sets Rule
  • Security Rule
  • Unique Identifiers Rule
  • Enforcement Rule

Various security standards apply to each of these rules, particularly for the Security Rule, which establishes three main security objectives: Administrative Safeguards, Physical Safeguards, and Technical Safeguards. Each safeguard area includes both required and addressable implementation specifications. Required specifications must be adopted and administered as dictated by the rule.

Addressable specifications are more flexible. Yet according to the rules for both required and addressable specifications, how organizations satisfy individual security requirements and which technology they choose are left to the business decisions of each entity.

Healthcare organizations face fines for noncompliance with HIPAA regulations. Penalties include the following: general fines of up to $25,000 per incident, as well as up to $50,000, imprisonment for not more than one year, or both for wrongful disclosure of individually identifiable health information.

HIPAA Fines are Real

In July 2008, HHS announced a formal action against Providence Health & Services. HHS required Providence to pay $100,000 and implement a detailed Corrective Action Plan to ensure that it will appropriately safeguard identifiable electronic patient information against theft or loss.

This case emphasizes that there is a renewed interest in HIPAA and sends a clear message that HHS has the authority and intent to take enforcement action. This has been a debate of sorts ever since the passage of HIPAA. These matters are frequently resolved on a consultative basis with HHS Office of Civil Rights (OCR). They prefer to work with the healthcare organization to resolve problems. The HHS Office of Inspector General (OIG), however, has been critical of HHS’ lack of enforcement activity in the past. Providence is an example that shows HHS can and will act for HIPAA violations.

Source: Free Articles from ArticlesFactory.com

ABOUT THE AUTHOR


Katherine Janiszewski plays a crucial role as Marketing Manager of netForensics. Founded in 1999, netForensics is based on a culture of excellence and innovation. Their team of leading experts understands the ever-evolving security threat and compliance needs of today’s organizations, including HIPAA IT Technology. For more information, visit netForensics.com.


